HADA – An Access Controlled Application for Publishing and Discovering Linked Government Data

Digital Enterprise Research Institute www.deri.ie

HADA – An Access Controlled Application for Publishing and

Discovering Linked Government Data

Owen [email protected]

IESD 2012 - EKAW 2012Galway, Ireland

Tuesday 9th October 2012


Enabling Networked Knowledge

US Government’s principal agency for: Protecting the Health of all Americans Providing all essential Human Services



Promote the advancement of the Health, Safety, and Well-Being of the American People

HEALTH AND HUMAN SERVICES DOMAIN

IT PROGRAM MANAGEMENT OFFICE

HHS IT Asset Discovery ApplicationHADA



HEALTH AND HUMAN SERVICES DOMAINIT PROGRAM MANAGEMENT OFFICE




Currently, data about HHS IT Investments exists:

In different systems

In different data models

With different levels of access







HADA aims to provide intelligent:

Aggregation of this data to support information discovery

Interoperability amongst the different systems

Fine-grained Access Control

Using Semantic Web principles




WWW

Docs

Semantic Database

Public Data

EPLC and other docsDataEnterprise

Repositories

Data Access Rules Who can see what?

Web Application

She searches for a specific IT Investment cost

IT asset information are pre-aggregated from multiple data sources Which are

stored in a database

Access rules are checked to grant or restrict access to the IT Investment Cost

If she has access, she can view the Investment cost



XML

CPIC Repositories Code, Documentation, Etc. Repositories

Content Extraction Layer

Semantic Layer

Data Layer

Instance data

Extracted instance data in XML format

System Content Extraction

DocsCode Etc.

Metadata Extraction and Manual Clarification

XML

Semantic Transformation and Synthesis

XML

XML

XML

Existing Ontologies

Semantic Model

Transformation

Presentation and

Navigation of Content Presentation Layer

EA Repositories

(e.g. FEA)

Semantic Database


Privacy Layer

Privacy Preference ManagerEnforcement

of Privacy Policies

Privacy Preferences Repositories










Publishing Linked Data using the Linked Data API

• A RESTful API over RDF graphs • Acts as a proxy over SPARQL endpoints• Easy-to-process representations of resources

Indexing and searching RDF data using SIREn

“A Lucene plugin to efficiently index and query RDF, as well as any textual document with an arbitrary amount of metadata fields”

Storing RDF data using Sesame and ARC over MySQL



Subject Predicate Object ContextHADA hasName “HHS IT

Asset Discovery Application”

HEAR

HADA hasAcronym “HADA” HEARHADA hasCost $12345 CPICHADA hasIPAddress 107.20.137.2

10HEAR

HADA belongsTo HHS HEARHADA hasLabel “Health and

Human Services Asset Discovery Application”

ITDashboard

HADA hasAcronym “HADA” ITDashboard

More than one rule can be applied to each data element

Attribute based access and fine grained access




Privacy Preference Ontology

Namespace: http://vocab.deri.ie/ppo#

ppo:PrivacyPreference

rdfs:Resource

rdf:Statement

trix:Graph

void:Dataset

rdfs:Resource

ppo:appliesToStatement

ppo:appliesToNamedGraph

ppo:appliesToDataset

ppo:appliesToResource

ppo:appliesToContext

Applies To

ppo:Condition

ppo:ConditionOperator

rdfs:Resource rdfs:Resource rdfs:Class rdfs:Class rdfs:Literal rdfs:Propoerty

ppo:hasLogicalOperator

ppo:hasConditionppo:hasConditionOperator

ppo:conditionOperatorOf

ppo:hasPropertyppo:hasLiteralppo:classAsSubjectppo:resourceAsObjectppo:resourceAsSubject

wo:Weightppo:hasPriority

ppo:Operator

ppo:classAsObject

ppo:hasChildConditionOperator

Conditions

ppo:AccessSpace

foaf:Agent rdfs:Literal

ppo:hasAccessQueryppo:hasAccessAgent

ppo:hasAccessSpace

Access Test Queries

acl:Accessacl:Access

ppo:hasNoAccess ppo:hasAccess

Access Control Privileges




PREFIX ppo: <http://vocab.deri.ie/ppo#> .PREFIX hada: <http://hprod.dyndns.org/> .

hada:pp1 a ppo:PrivacyPreference;

ppo:appliesToResource <http://hprod.dyndns.org/hada/Investment/90000001>;

ppo:hasAccess acl:Read;

ppo:hasAccessSpace [ ppo:hasAccessQuery "ASK {?x foaf:topic_interest

<http://hprod.dyndns.org/hada/vocab/Asset>}"].





Privacy Preference

90000001 acl:Read

Who is interested in Asset

ppo:appliesToResource ppo:hasAccessQuery

ppo:hasAccess




Privacy Preference Manager

User


SPARQL Endpoint

RDF Documents

Privacy Preferences Repositories

Privacy Preference Manager provides:• Creating privacy preferences • Enforcing privacy preferences



Enforcing Privacy Policies

RDF Data Retriever & Parser

Privacy Preferences

Enforcer

Privacy Preferences

Creator

Privacy Preference

s

John

Request

Request RDF DATA

Logs In

John’s Profile


Query

PrivacyPreference

Filtered RDF Data

Query RDF DataAccess Query Result

Request John’s RDF Profile

SPARQL Endpoint

RDF Documents







Towards Patient Controlled Privacy

Privacy PreferenceManager

Alex

Privacy PreferenceManager

John

SPARQL Endpoint

RDF Documents

HHS is exploring to use on healthdata.gov:• Linked Data API for publishing Linked Data• Privacy Preference Framework to provide the

Patient to control third party access to his/her health data

SPARQL Endpoint

RDF Documents

Privacy Preferences Privacy Preferences

Interface Interface



Links HADA: http://hprod.dyndns.org/

Linked Data API: http://code.google.com/p/linked-data-api/ SIREn: http://siren.sindice.com/ Sesame: http://www.openrdf.org/

PPO Namespace URI: http://vocab.deri.ie/ppo# PPM Screencasts:

Creating Privacy Preferences: http://bit.ly/p0N1Vi Viewing Filtered Triples: http://bit.ly/qiAdxT

Email: [email protected]